Exploring the W3C DID specification to enable Web3.0 identity solutions...
Hackers value personal information the most: for 96% of hacking groups, the primary motive is intelligence gathering. Researchers at privacy website PrivacyAffairs.com found that you can obtain a person's full identity for the low price of $1,275. This price includes bank credentials, a driver’s license, a car insurance card, bank statements, and an ID card. In other words, you can take control of a person's entire life, with devastating effects.
For $1,275, you can control a person’s identity.
These are shocking numbers. The dark web has a longstanding reputation as a haven for the worst kinds of criminal activity. Identity fraud is one of the driving motivators for this underground economy.
A few years ago, the World Wide Web Consortium (W3C) started the W3C DID Working Group to combat identity fraud. They are working on a Decentralized Identifier URI scheme to create a globally unique, cryptographically verifiable identity solution. Their goal is to create a safer environment for exchanging personal information. Currently, Decentralized Identifiers (DIDs) identify people, organizations, and things to achieve multiple security and privacy-protecting guarantees.
This article takes a more in-depth look at the risks of centralized credential systems, how the W3C's DID system works, and possible use cases for DIDs.
We can’t deny that rapid digitalization has brought many benefits to humanity. However, the regularity with which we now share personal information has led to a massive increase in identity theft, which has become one of the most talked-about issues in recent times.
Many data breaches prove that organizations are not yet prepared to process and store sensitive consumer data. Do you know that in 2018, hackers exposed 2.8 billion consumer records through data breaches resulting in an estimated cost of more than $654 billion?
Hackers exposed 2.8 billion consumer records in 2018 with an estimated cost of $654 billion.
However, we don’t have many alternatives to give companies access to our data. Single Sign-On (SSO) authentication solutions have gained popularity as they let you control what information you share and what kind of personal information companies can access.
Still, we see an increase in the number of fake identities on the web. It’s incredibly easy to create a fake identity for fraudulent activities without repercussions, not to mention the rise of deepfakes that can mimic real identities, such as a nation’s president.
For this exact reason, the W3C has started the DID working group to combat both fake identities and data breaches. In other words, the W3C seeks to transform the way we exchange and access personally identifiable information (PII).
The W3C Decentralized Identifiers (DIDs) specification currently stands at version 1.0 — a draft they published on 27 October 2020.
The DID specification enables a verifiable, decentralized digital identity. A DID can identify a person, an organization, or even a thing - we call this the subject. Think about cars under a car-sharing model: we can identify each vehicle by a decentralized identifier to enable payments to the car.
Next, a DID is a URI - a hyperlink - that resolves to a DID Document describing the subject. This model removes the need for a centralized authority to verify a subject’s identity. Compare this with traditional certificate authority servers that perform domain validation and hand out certificates to enable secure HTTPS connections.
Under the DID model, we can decouple DIDs from centralized registries. The DID design enables the DID controller to prove control over a DID Document without requiring permission from any other party, such as a certificate authority.
Prove control over a DID Document without requiring permission from a third party.
The DID draft outlines the following properties for DID Documents, “Each DID Document can express cryptographic material, verification methods, or service endpoints, which provide a set of mechanisms enabling a DID controller to prove control of the DID. Service endpoints enable trusted interactions associated with the DID subject.”
So how does that work in practice? Each DID is a URI, e.g. “DID:subject:aslies8402id112450”, which is stored on-chain. This URI points to a DID Document stored in a centralized location so we can quickly retrieve it. Each DID Document is a JSON object that contains more information about the subject itself and defines the actions that are possible with it.
(Source: Self-managed DID Document example by W3C)
Most importantly, a DID Document contains a public key for verification purposes. The controller of a DID Document proves ownership with the associated private key, for example by signing a challenge that anyone can check against the public key in the document. This is a powerful concept because it eliminates the centralized services that would otherwise vouch for ownership of a DID Document.
Furthermore, a DID Document lists one or multiple service endpoints. A service endpoint represents a network address at which services operate on behalf of a DID subject. A service can have an inclusive definition, “Examples include discovery services, agent services, social networking services, file storage services, and verifiable credential repository services.”
Now, let’s explore DID use cases.
This section takes a look at Ontology, which is actively building its ONT ID decentralized identification protocol, as well as use cases outlined by the W3C. We’ll cover:
Ontology DID (ONT ID) is a decentralized identification protocol based on the W3C DID specifications. ONT ID supports diversified ownership confirmation, identification, and authentication for any type of subject.
Your daily online activity produces digital footprints in the form of data. Some of these footprints you are aware of, but many others are hidden from you without any control mechanisms in place to safeguard your data.
A cryptographically-based digital identity such as ONT ID grants users self-sovereign ownership of their data, ultimately putting access and control where it belongs — with you.
For example, in today’s market, users often hold their crypto assets in multiple different wallets, making identity verification challenging and tedious. With this in mind, ONT ID allows for identity verification if you need to verify your identity for a particular application.
Another use case for ONT ID allows both parties of a lending service to verify each other’s credit histories, asset holdings, and previous repayments while enabling them to keep all their data private — a win-win for both sides.
DID gives you access to a personal digital vault with data that you can decide to share. Currently, data stored in the cloud is typically visible to the cloud operator. Even when a cloud provider claims that they encrypt all data, you need to rely on a centralized authority to enable encrypted cloud storage.
With the use of DIDs, you can self-encrypt your data and choose where to store your encrypted data. Furthermore, through service endpoints, you can provide other parties access to your data when needed.
Most people don’t know all the companies that hold their data, and they might be surprised by the number of companies that possess pieces of their PII data. It’s not surprising that websites track online activity and pass it to third-party services without your consent.
Have you ever considered not accepting a cookie when visiting a website? Most people give consent to store cookies without any real care being taken. However, this allows these websites to track your online behavior in complete detail.
The solution here is to create a DID to add commercially interesting information, such as purchase history, age, or gender, without revealing any PII data. You can use this DID to provide websites and services with information to tailor their offering without giving away any PII data. Furthermore, this also prevents websites from linking your identity with other services that you use.
In other words, this option provides you with control over your PII data with the guarantee of staying relatively anonymous on the web.
We’ve already discussed how digital identifiers provide the ability to uniquely define objects and allow anyone to interact with these objects through service endpoints.
BigchainDB has taken an interesting approach to this concept. With the rise of IoT, they thought about building cars that receive a secure chip on which a private key is stored. You might wonder why. The vehicle needs an identity to conduct actions in the system, and the private key serves as that unique identity. Ideally, the vehicle can act truly autonomously, without being controlled by anyone.
Here, we want to allow users to use the vehicle. When they finish a ride using the vehicle, they have to send a payment to the car. Therefore, the DID Document lists service endpoints to calculate the ride’s cost and accept payments.
In short, it’s a pretty futuristic but plausible use case. In this example, DIDs enable truly autonomous objects, and users interact with the car through the listed service endpoints. Pretty cool, right?
Daimler Mobility AG and Ontology have collaboratively developed MoveX, a blockchain-based mobility platform for the automotive industry. The first product under the MoveX platform is called Welcome Home. This product allows users to enable highly personalized in-car experiences.
Users can switch cars while in-car settings follow them to other vehicles. These settings include preferences, such as:
Welcome Home provides highly personalized experiences while guaranteeing data privacy and control using Ontology’s DeID solution.
As a next step, Daimler and Ontology want to store settings for vehicles and other smart devices to create a full preference profile you can carry around and apply to different smart devices.
Binance Smart Chain offers security token offerings (STOs) for which users have to pass KYC verification. To speed up this process, Binance Smart Chain has partnered with ONT ID to implement a faster verification process.
Any user who has been verified via ONT ID automatically meets the requirements for participating in Binance Smart Chain STOs.
Specifically, Binance Chain makes use of the ONT Trust Anchor Gateway (TAG).
“ONT Trust Anchor Gateway (TAG) is an open and decentralized authentication platform based on ONT ID and the Ontology trust ecosystem. It provides KYC (Know Your Customer) services for people, finances, things, and affairs.”
“The Ontology trust ecosystem has gathered trust anchors that provide global identity authentication services, including IdentityMind, CFCA, SenseTime, Shufti Pro, etc., with email, mobile, and social media authentication methods available.” - Binance Chain blog
It’s a great solution to remove the daunting task of collecting KYC details and verifying them. This solution improves the user experience for investors but also solves data storage and validation challenges for STOs.
In today's digital world, large corporations such as Google, Amazon, Twitter, Facebook, and GitHub dominate our data. Many joke that these corporations know you better than you know yourself.
On top of that, many people use Google, GitHub, Twitter, and Facebook to log in to third-party services because it’s so convenient. This type of login system gives these companies an incredible amount of control but also insights into your data. The internet has become a place where information is combined, connected, and accessed by billions of people worldwide.
By using DIDs, we can reverse this trend and claim back control over our data.
As Li Jun from Ontology states, “With decentralized identifiers (DID’s), users can control their data in addition to granting access to their data to those they wish — rather than just having their data float around on the internet to be taken advantage of and monetized off. With data breaches and system hacks on the rise over the last decade, having a decentralized identity on the blockchain not only protects the user from harmful outsiders but more importantly guarantees their privacy and control over the transfer and management of their data as well.”
For this reason, Ontology decided to build on DID technology and participate in the W3C DID working group to shift the way we treat PII data.
Want to learn more about DID and self-sovereign identity? Check out the following resources: